Unbound on GL-AX1800 with VPN

smackaronies · July 30, 2023, 11:41pm

Hi all,

I’ve got Unbound installed and running on a non-53 port so it doesn’t conflict with dnsmasq. Using DNS Proxy mode, I can utilize the server via the GUI without issue (e.g. setting 127.0.0.1#5353 or 192.168.1.1#5353) as the proxy. Enabling a VPN connection, however, breaks it completely.

I’ve tried allowlisting local IP ranges, adding and tweaking firewall rules, changing the DNS settings in the VPN config file, all to no avail. The other custom DNS settings work just fine, it’s only the proxy mode that seems to not play nice with the VPN.

All ideas and nudges welcome, many thanks!

dxf · July 31, 2023, 4:22am

Hi smackaronies:

What is your firmware version?

smackaronies · August 1, 2023, 1:07am

Hi there, I’m on 4.2.3 release5

dxf · August 1, 2023, 4:12am

I tested the NETWORK->DNS->Encrypted DNS-> DNS over TLS-> Cloudflare feature, stubby work fine with wireguard VPN, and I think stubby and unbound should be similar.

root@GL-AX1800:/# netstat -npl |grep 5453
tcp        0      0 127.0.0.1:5453          0.0.0.0:*               LISTEN      31192/stubby
tcp        0      0 ::1:5453                :::*                    LISTEN      31192/stubby
udp        0      0 127.0.0.1:5453          0.0.0.0:*                           31192/stubby
udp        0      0 ::1:5453                :::*                                31192/stubby
root@GL-AX1800:/# uci show dhcp.@dnsmasq[0]
dhcp.cfg01411c=dnsmasq
dhcp.cfg01411c.domainneeded='1'
dhcp.cfg01411c.filterwin2k='0'
dhcp.cfg01411c.localise_queries='1'
dhcp.cfg01411c.rebind_localhost='1'
dhcp.cfg01411c.local='/lan/'
dhcp.cfg01411c.domain='lan'
dhcp.cfg01411c.expandhosts='1'
dhcp.cfg01411c.nonegcache='0'
dhcp.cfg01411c.authoritative='1'
dhcp.cfg01411c.readethers='1'
dhcp.cfg01411c.leasefile='/tmp/dhcp.leases'
dhcp.cfg01411c.resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.cfg01411c.nonwildcard='1'
dhcp.cfg01411c.localservice='1'
dhcp.cfg01411c.ednspacket_max='1232'
dhcp.cfg01411c.rebind_protection='0'
dhcp.cfg01411c.localuse='1'
dhcp.cfg01411c.server='127.0.0.1#5453'
dhcp.cfg01411c.noresolv='1'

Can you compare the configuration of dnsmasq?

smackaronies · August 1, 2023, 1:45pm

Here’s how they compare, it doesn’t appear that toggling the VPN affects these settings.

DNS over TLS → Cloudflare:

smackaronies · August 1, 2023, 1:46pm

DNS Proxy → 192.168.8.1#1053

dxf · August 2, 2023, 1:17am

pls try to channge unbound’s listen ip and dnsmasq’s server ip to 127.0.0.1

smackaronies · August 3, 2023, 2:35am

As stated this doesn’t seem to affect the issue. Unbound resolves just fine when 127.0.0.1 is specified but times out once the VPN is enabled: